Last week, we reported that a PoC exploit had appeared online for CVE-2021-34527, a dangerous vulnerability in Windows Print Spooler (spoolsv.exe) that researchers named PrintNightmare. The problem affects all versions of Windows, can even affect XP and Vista, and allows remote execution of arbitrary code with SYSTEM privileges, which lets an attacker install programs, view, modify or delete data, and create new accounts with user rights.
There is no patch for this vulnerability yet, and Microsoft experts have reported that the problem is already being exploited in the wild, although the company did not specify whether this is being done by cybercriminals or by information security researchers.
Microsoft engineers offered administrators several workarounds. For example, it is recommended to disable Print Spooler altogether, which blocks printing both locally and remotely. It is also possible to disable inbound remote printing through Group Policy, which blocks the main vector of potential attacks. In the second case, “the system will no longer function as a print server, but local printing from directly connected devices will still be possible.”
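A read-only check of which of these two workarounds is in place on a host, as an added example that is not from Microsoft or from the original article. It assumes the Group Policy setting "Allow Print Spooler to accept client connections" is stored in the registry value `RegisterSpoolerRemoteRpcEndPoint` (2 = disabled); the function name is hypothetical.

```powershell
# Added example: read-only audit of the two workarounds on the local host.
function Get-SpoolerWorkaroundStatus {
    # Workaround 1: Print Spooler stopped and its start mode set to Disabled.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $running  = ($null -ne $svc) -and ($svc.State -eq 'Running')
    $disabled = ($null -eq $svc) -or ($svc.StartMode -eq 'Disabled')

    # Workaround 2: Group Policy "Allow Print Spooler to accept client
    # connections" set to Disabled. Assumption: the policy is stored as the
    # DWORD below, where 2 means disabled and 1 means enabled.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $name = 'RegisterSpoolerRemoteRpcEndPoint'
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $policy = if ($prop) { $prop.$name } else { $null }
    $remoteBlocked = ($policy -eq 2)

    # A spooler that is stopped but not disabled can be started again, and a
    # policy change only applies once the spooler has been restarted, so both
    # cases are reported separately instead of being counted as mitigated.
    $verdict = if (-not $running -and $disabled) {
        'Mitigated: spooler stopped and disabled'
    } elseif (-not $running) {
        'Partial: spooler stopped but start mode is not Disabled'
    } elseif ($remoteBlocked) {
        'Mitigated once spooler is restarted: inbound remote printing blocked'
    } else {
        'No workaround applied: spooler running, policy not set to Disabled'
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        SpoolerState     = if ($svc) { $svc.State } else { 'NotInstalled' }
        SpoolerStartMode = if ($svc) { $svc.StartMode } else { 'n/a' }
        RemotePolicy     = if ($null -eq $policy) { 'NotConfigured' } else { $policy }
        Verdict          = $verdict
    }
}

Get-SpoolerWorkaroundStatus | Format-List
```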
Now a third option has appeared: the experts involved in developing the 0patch solution have prepared temporary patches (micropatches) for this problem. Let me remind you that 0patch is a platform designed for exactly such situations: fixing 0-day and other unpatched vulnerabilities, and supporting products that manufacturers no longer support, custom software, and so on.
Micropatches are available for Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2008 R2, as well as Windows 10 v20H2, Windows 10 v2004, and Windows 10 v1909.